HardenedBSD/contrib/blacklist/TODO
Kurt Lidl 12017ca883 Import NetBSD's blacklist source from vendor tree
This import includes The basic blacklist library and utility programs,
to add a system-wide packet filtering notification mechanism to
FreeBSD.

The rational behind the daemon was given by Christos Zoulas in a
presentation at vBSDcon 2015: https://youtu.be/fuuf8G28mjs

Reviewed by:	rpaulo
Approved by:	rpaulo
Obtained from:	NetBSD
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5912
2016-06-01 22:04:10 +00:00

22 lines
883 B
Plaintext

# $NetBSD: TODO,v 1.7 2015/01/23 21:34:01 christos Exp $
- don't poll periodically, find the next timeout
- use the socket also for commands? Or separate socket?
- add functionality to the control program. Should it change the database
directly, or talk to the daemon to have it do it?
- perhaps handle interfaces too instead of addresses for dynamic ip?
<bge0/4>? What to do with multiple addresses?
- perhaps rate limit against DoS
- perhaps instead of scanning the list have a sparse map by port?
- do we want to use libnpf directly for efficiency?
- add more daemons ftpd?
- do we care about the db state becoming too large?
- instead of a yes = bump one, no = return to 0 interface, do we want
to have something more flexible like?
+n
-n
block
unblock
- do we need an api in blacklistctl to perform maintenance
- fix the blacklistctl output to be more user friendly